This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug regex/17069] New: leak in regcomp

From: "konstantin.s.serebryany at gmail dot com" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sourceware dot org
Date: Thu, 19 Jun 2014 05:53:27 +0000
Subject: [Bug regex/17069] New: leak in regcomp
Auto-submitted: auto-generated

https://sourceware.org/bugzilla/show_bug.cgi?id=17069

            Bug ID: 17069
           Summary: leak in regcomp
           Product: glibc
           Version: 2.20
            Status: NEW
          Severity: normal
          Priority: P2
         Component: regex
          Assignee: unassigned at sourceware dot org
          Reporter: konstantin.s.serebryany at gmail dot com
                CC: drepper.fsp at gmail dot com

regcomp has a memory leak. Present in ancient 2.15 and in fresh trunk.

clang -fsanitize=address -g ./r.c && ASAN_OPTIONS=fast_unwind_on_malloc=0
./a.out 1


==1371==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x4943d9 in calloc
    #1 0x7fa25a3e57c3 in parse_bracket_exp glibc-trunk/posix/regcomp.c:3045
    #2 0x7fa25a3e57c3 in parse_expression glibc-trunk/posix/regcomp.c:2265
    #3 0x7fa25a3e9181 in parse_branch glibc-trunk/posix/regcomp.c:2193
    #4 0x7fa25a3e9408 in parse_reg_exp glibc-trunk/posix/regcomp.c:2145
    #5 0x7fa25a3ea156 in parse glibc-trunk/posix/regcomp.c:2114
    #6 0x7fa25a3ea156 in re_compile_internal glibc-trunk/posix/regcomp.c:794
    #7 0x7fa25a3ece0f in __regcomp glibc-trunk/posix/regcomp.c:501
    #8 0x4b2c6e in main r.c:8

Valgrind sees it too: 
gcc -std=c99 -g ./r.c && valgrind --leak-check=full ./a.out 1
==1895== 32 bytes in 1 blocks are definitely lost in loss record 1 of 1
==1895==    at 0x4C2B1B8: calloc (vg_replace_malloc.c:618)
==1895==    by 0x4F145DE: parse_expression (regcomp.c:3057)
==1895==    by 0x4F1246F: parse_branch (regcomp.c:2170)
==1895==    by 0x4F127BD: parse_reg_exp (regcomp.c:2122)
==1895==    by 0x4F12CBF: re_compile_internal (regcomp.c:2091)
==1895==    by 0x4F16E7E: regcomp (regcomp.c:506)
==1895==    by 0x4005E9: main (r.c:8)

Running this test with large number of iterations you can see the leak in 'top'


#include <regex.h>
#include <stdlib.h>

int main(int argc, char **argv) {
  long n = argc == 2 ? atol(argv[1]) : 1;
  for (long i = 0; i < n; i++) {
    regex_t r;
    regcomp(&r, "[^[][:alpha:][:up[^perword:]\\{-2(?<!27,}ï\\p.o\n"
               
"]ïïïïï+)][:x[digit:]]\\P{^Gothic}{-109,}^{235}NNNN{214,}{-83}\\z\\w", 0);
    regfree(&r);
  } 
}   

Found with the help of regfuzz

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Follow-Ups:
- [Bug regex/17069] leak in regcomp
  - From: fweimer at redhat dot com
- [Bug regex/17069] leak in regcomp
  - From: cvs-commit at gcc dot gnu.org
- [Bug regex/17069] leak in regcomp
  - From: schwab at linux-m68k dot org
- [Bug regex/17069] leak in regcomp
  - From: konstantin.s.serebryany at gmail dot com
- [Bug regex/17069] leak in regcomp
  - From: konstantin.s.serebryany at gmail dot com
- [Bug regex/17069] leak in regcomp
  - From: konstantin.s.serebryany at gmail dot com
- [Bug regex/17069] leak in regcomp
  - From: cvs-commit at gcc dot gnu.org
- [Bug regex/17069] leak in regcomp
  - From: schwab at linux-m68k dot org
- [Bug regex/17069] leak in regcomp
  - From: konstantin.s.serebryany at gmail dot com
- [Bug regex/17069] leak in regcomp
  - From: cvs-commit at gcc dot gnu.org

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]